Intelligent CISO Issue 31 | Page 49

The chain of security and risk responsibility goes much further; a substantial proportion of supply chain disruption is due to problems with fourth parties.

The unknown risks businesses face

The Harvard Business Review has previously made a stark statement with regards to global supply chains: the vast majority of global companies have no idea of what their risk exposure is; that's because few, if any, have complete knowledge of all the companies that provide services or parts to their direct suppliers.
The unfolding Coronavirus pandemic has thrown into sharp relief just how complex and interdependent today's international supply chains are – and how little visibility companies can have over those interdependencies. Organisations are being forced to adapt and plan for dramatic impacts up and down their supply chains, with some deploying all-new tools and solutions in order to facilitate last-minute remote working – often with very little understanding of how those new solutions might affect their own security and risk levels.
These issues go far beyond third-parties alone. The chain of security and risk responsibility goes much further; a substantial proportion of supply chain disruption is due to problems with fourth parties. Fourth parties are the suppliers of your third party, who you rarely have clear visibility and assurance over.
Effective visibility over today's global and fast-moving supply chains needs to strike a careful balance. Members of that supply chain need to be properly scrutinised – certain processes, tools and technologies need to be confirmed. Yet this scrutiny needs to be done in an efficient and agile way, without requiring organisations who may be several links away in the chain to undertake really onerous processes.
The answer, then, is a lightweight assessment question set focused on the most important aspects of managing business operations through adversity. This assessment must be able to be pushed out to any organisation in your supply chain – whether they are third parties, qualified fourth parties or beyond – to rapidly gain a clear picture of their response to security and risk in the current climate. To provide additional business context, users of the application should be able to add their own questions to the assessment.
Organisations deploying such a solution need to combine documentation of their own key assets and processes with assessment of their critical suppliers' management of security and risk. And all this intelligence needs to be reported in a clear and intuitive way, through flexible dashboards which can be tailored to the needs of different stakeholders within the organisation. SureCloud's free solution for supply chain risk does all of the above and more.
The questions you need to ask
Supply chain assurance needs to take in a broad spectrum of information. It's not just about the obvious – what cybersecurity tools do they have in place, who is responsible for which process, what the contingency plans are – but also 'softer' information like where their offices are based and who their customers are. Supply chain audit solutions need to be able to collect all of this data as efficiently as possible, which means that cloud-based solutions are often most appropriate. Third and fourth parties and beyond can respond to digital questionnaires with the

Richard Hibbert, CEO and Co-founder of SureCloud